#!/bin/bash #so-fleet-setup $FleetEmail $FleetPassword . /usr/sbin/so-common if [[ $# -ne 2 ]] ; then echo "Username or Password was not set - exiting now." exit 1 fi USER_EMAIL=$1 USER_PW=$2 # Checking to see if required containers are started... if [ ! "$(docker ps -q -f name=so-fleet)" ]; then echo "Starting Docker Containers..." salt-call state.apply mysql queue=True >> /root/fleet-setup.log salt-call state.apply fleet queue=True >> /root/fleet-setup.log salt-call state.apply redis queue=True >> /root/fleet-setup.log fi docker exec so-fleet fleetctl config set --address https://127.0.0.1:8080 --tls-skip-verify --url-prefix /fleet docker exec so-fleet bash -c 'while [[ "$(curl -s -o /dev/null --insecure -w ''%{http_code}'' https://127.0.0.1:8080/fleet)" != "301" ]]; do sleep 5; done' # Create Security Onion Fleet Service Account + Setup Fleet FLEET_SA_EMAIL=$(lookup_pillar_secret fleet_sa_email) FLEET_SA_PW=$(lookup_pillar_secret fleet_sa_password) docker exec so-fleet fleetctl setup --email $FLEET_SA_EMAIL --password $FLEET_SA_PW --name SO_ServiceAccount --org-name SO # Create User Account echo "$USER_PW" | so-fleet-user-add "$USER_EMAIL" # Import Packs & Configs docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml docker exec so-fleet fleetctl apply -f /packs/so/so-default.yml docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/packs/*.yaml; do fleetctl apply -f "$pack"; done' docker exec so-fleet fleetctl apply -f /packs/osquery-config.conf # Update the Enroll Secret echo "Updating the Enroll Secret..." salt-call state.apply fleet.event_update-enroll-secret queue=True >> /root/fleet-setup.log salt-call state.apply nginx queue=True >> /root/fleet-setup.log # Generate osquery install packages echo "Generating osquery install packages - this will take some time..." salt-call state.apply fleet.event_gen-packages queue=True >> /root/fleet-setup.log sleep 120 echo "Installing launcher via salt..." salt-call state.apply fleet.install_package queue=True >> /root/fleet-setup.log salt-call state.apply filebeat queue=True >> /root/fleet-setup.log docker stop so-nginx salt-call state.apply nginx queue=True >> /root/fleet-setup.log echo "Fleet Setup Complete - Login with the username and password you ran the script with."